The invention relates generally to systems and methods for backing up data and more particularly to systems and methods that perform centralized secure backup of data.
In most computing systems, it is desirable to periodically back up some or all of the files local to that system. This allows recovery of information in case of a partial or total system failure.
There are many different causes of system failures that may result in the local loss of data. For example, a disk drive may fail, or the entire computer may be stolen or rendered inoperative by a natural disaster such as fire or flooding. In each case, backup media that are not affected by the failure can be used in a recovery. This usually implies that the backup data is physically separate from the target computer. In the case of a natural disaster, for example, it is often desirable to have some backup data located off site, such as in a different building that would not be affected.
In a networked environment with large numbers of computers, or in other communication systems employing large numbers of processing units, the users are sometimes required to manually and individually back up each of the nodes or processing units (the data on each unit). The user might routinely copy files to a server, for example. However, this can be inconvenient for the computer user and unreliable if the user forgets to perform the backup operation or if backup media are not available. Another strategy has been to establish one or more backup servers in the network. Generally, the backup servers are configured with the names of the file system directories on various user machines that are to be backed up at a convenient time (for example, daily when the network is not busy). The backup servers copy the necessary data files over the network and store the user data on backup media. This technique automates the process and separates the backup data from the user workstation in the case of failure. However, the difficulty with this scheme is that sensitive data may be exposed to anyone who handles the backup media. For this reason, some organizations may specify that backup media may not be sent off site to third party disaster recovery services.
Other computer systems and communication systems allow end users to encrypt their most sensitive data directly on their node. However, end users may not encrypt all of their data, or some users may not encrypt any data at all, because it is typically a manual process. For example, known public key cryptography systems allow users to encrypt files to be backed up. Typically an end user designates the data (files, directories, programs or other data) to be backed up and sends the information to a server using a push approach. However, it would be desirable to relieve the end user of the responsibility to secure the backup data. A public key asymmetric cryptosystem, as known in the art, employs a private/public key pair whereby a user typically encrypts data using a public encryption key and uses a private decryption key, known only to a specific user or software application, to decrypt information encrypted under the public encryption key. However, these systems can leave information unencrypted where the user forgets to encrypt the information, and they also require the user to push the data to the network.
Symmetric cryptographic systems are known that employ a password, for example, to protect and recover information. Such systems typically require a user or other entity to supply the password to both the sending party and the receiving party. Access to the password, however, allows access to the data, so this type of approach may not be secure enough where the data is highly confidential. Typically an administrator defines a password and can access all backed-up data, and the end user generally has no control over who can access the encrypted information.
Consequently, there exists a need for a secure data backup system that employs a suitable level of cryptographic security while affording a centralized backup of data. In addition, it would be desirable if such a system allowed only the owner of the data to decrypt any information stored during the process, so that third party repositories and other unauthorized personnel cannot readily decrypt the information.
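The following Go program is added here as an illustration and is not part of the patent or of any particular product. It shows one way a central backup server can meet the requirement just stated: the server pulls a file from the user's node and encrypts it under a fresh symmetric key that is wrapped with the owner's public key, so the repository and its administrators hold only ciphertext and only the owner's private key can restore the file. The `Backup` type and the function names are the example's own, and it assumes the server already holds the owner's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Backup is one archived file: body under a random per-file key, that key wrapped to the owner.
type Backup struct{ WrappedKey, Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BackupFile runs on the backup server (pull model). It needs only the owner's
// public key, so neither the server nor whoever handles the media can read the file.
func BackupFile(owner *rsa.PublicKey, plaintext []byte) (*Backup, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and 96-bit GCM nonce per file
	rand.Read(buf)             // crypto/rand.Read never returns an error (Go 1.24+)
	fileKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, owner, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Backup{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// RestoreFile runs on the owner's node: only the private key unwraps the file key,
// and the GCM tag check rejects an archive that was altered in the repository.
func RestoreFile(owner *rsa.PrivateKey, b *Backup) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, owner, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
}
```

Because the server never holds the private key, a backup administrator or an off-site repository cannot decrypt the archive, which is the property the symmetric password scheme above lacks.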